Hackers-for-hire raided 300 banks, corporates for TWELVE YEARS
Phony cracker biz looked legit
A band of hackers for hire have raided some 300 banks, corporations and governments undetected for 12 years, possibly the longest campaign of its kind.
The German hackers registered 800 front businesses in the UK to target and fully compromise organisations in Germany, Switzerland, and Austria at the request of customers.
Elite Cyber Solutions chief executive Jonathan Gad said the damage done to companies since the attacks began in 2002 was "immeasurable".
"The network exploited the UK's relatively tolerant requirements for purchasing SSL security certificates and established British front companies so they could emulate legitimate web services," Gad said.
"The German attackers behind the network then had total control over the targeted computers and were able to carry out their espionage undisturbed for many years.
"... the damage to the organisations who have been victims in terms of loss of valuable data, income or the exposure of information related to employees and customers is immeasurable"
The Harkonnen Operation attack was detailed a eponymously named special report [pdf] that found companies were compromised by seemingly generic trojans foisted through spear-phishing attacks.
It was unknown if anti-virus was not run at compromised organisations, failed to detect the threat or could not due to the malware being encrypted or otherwise obfuscated.
The trojans detected in the attacks were GFILTERSVC.exe from the generic trojan family Trojan.win7.generic!.bt and wmdmps32.exe.
Those attacks were first detected in a German organisation that held "extremely sensitive information" that used security equipment worth tens of thousands of Euros every year run by security personnel the researchers said were talented and operated according to current standards.
Crooks spent $150,000 on hundreds of domain names, IP addresses and wildcard certificates to make its UK businesses appear legitimate. ®
Sponsored: The Nuts and Bolts of Ransomware in 2016